Neural networks build the foundation of several intelligent systems, which, however, are known to be easily fooled by adversarial examples. Recent advances made these attacks possible even in air-gapped scenarios, where the autonomous system observes its surroundings by, e.g., a camera. We extend these ideas in our research and evaluate the robustness of multi-camera setups against such physical adversarial examples. This scenario becomes ever more important with the rise in popularity of autonomous vehicles, which fuse the information of several cameras for their driving decision. While we find that multi-camera setups provide some robustness towards past attack methods, we see that this advantage reduces when optimizing on multiple perspectives at once. We propose a novel attack method that we call Transcender-MC, where we incorporate online 3D renderings and perspective projections in the training process. Moreover, we motivate that certain data augmentation techniques can facilitate the generation of successful adversarial examples even further. Transcender-MC is 11% more effective in successfully attacking multi-camera setups than state-of-the-art methods. Our findings offer valuable insights regarding the resilience of object detection in a setup with multiple cameras and motivate the need of developing adequate defense mechanisms against them.

翻译：神经网络构成了多种智能系统的基础，然而，这类系统易于被对抗样本所欺骗。近期研究进展使得即使在气隙隔离场景中也能实现此类攻击，其中自主系统通过摄像头等设备观察其周围环境。我们在研究中拓展了这些思路，评估了多摄像头配置在面对此类物理对抗样本时的鲁棒性。随着自动驾驶汽车（其驾驶决策需融合多个摄像头的感知信息）的日益普及，这一场景愈发重要。我们发现，尽管多摄像头配置对过往攻击方法具备一定鲁棒性，但当针对多个视角同时进行优化时，这一优势会减弱。我们提出了一种名为Transcender-MC的新型攻击方法，其在训练过程中融入了在线三维渲染与透视投影技术。此外，我们论证了特定数据增强技术可进一步促进有效对抗样本的生成。Transcender-MC在成功攻击多摄像头配置方面的有效性比现有最先进方法高出11%。我们的研究结果为理解多摄像头配置下目标检测的鲁棒性提供了宝贵见解，并凸显了开发相应防御机制的必要性。